My domain is: I have many, but one example is “iskrena.si”
I ran this command: letsencrypt certonly -d iskrena.si --nginx
Also tried “letsencrypt renew”
It produced this output:
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]
In case of “letsencrypt renew” it produced the following:
Attempting to renew cert (iskrena.si) from /etc/letsencrypt/renewal/iskrena.si.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS
I can login to a root shell on my machine (yes or no, or I don’t know): YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
When you last renewed, you used --standalone.
For that to work, you would have to stop nginx first.
That is NOT the ideal setup.
Maybe after you get over this URGENCY, we can talk about a better way to automate your renewals.
[FYI you have 9 days left on the current cert]
Yes, I first used standalone and later switched to the nginx plugin. Apparently this somehow messed up the configuration. So am I allowed to modify this file?
I realized this problem a few days ago and I’m getting worried, but you’re right, 9 days should be enough time.
Yes, once a cert has been obtained, all the settings used are retained in the renewal conf file.
So you would only need to add something like --nginx when you want to force a change to the previously set default for that cert. Otherwise, only renew is "required". But perhaps even just "letsencrypt" alone would default to check for renewals.
In that case, certbot renew will automatically stop and start nginx for you—only on those occasions when it attempts a renewal, and not other times. Then it's fine to run certbot renew once or twice a day and not expect any downtime except for the actual renewal attempts.
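For a host with many certificates, the renewal files discussed above can be audited to see which lineages will still use standalone on renew. This is an added example, not code from any poster in this thread or from the certbot project; it assumes the renewal files keep the `authenticator` key under a `[renewalparams]` section, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which authenticator each certbot renewal file
# will use, so leftover "standalone" entries can be found before expiry.

# Print "<lineage> <authenticator>" for every *.conf in the directory $1.
# Only keys inside the [renewalparams] section are considered.
list_authenticators() {
    dir=$1
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        name=$(basename "$conf" .conf)
        auth=$(awk -F'=' '
            /^\[/ { in_params = ($0 ~ /^\[renewalparams\]/); next }
            in_params && $1 ~ /^[ \t]*authenticator[ \t]*$/ {
                gsub(/[ \t\r]/, "", $2); print $2; exit
            }' "$conf")
        printf '%s %s\n' "$name" "${auth:-unknown}"
    done
}

# Lineages that will try to bind port 80 themselves (standalone),
# which fails while nginx is already listening there.
standalone_lineages() {
    list_authenticators "$1" | awk '$2 == "standalone" { print $1 }'
}

# Constructed sample data (not from the thread): two renewal files
# written to a temporary directory, whose path is printed.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/example.org.conf" <<'EOF'
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
authenticator = standalone
EOF
    cat > "$d/example.net.conf" <<'EOF'
cert = /etc/letsencrypt/live/example.net/cert.pem
[renewalparams]
authenticator = nginx
installer = nginx
EOF
    printf '%s\n' "$d"
}

# Run against a real directory when one is given as the first argument,
# e.g. /etc/letsencrypt/renewal
if [ "$#" -gt 0 ]; then standalone_lineages "$1"; fi
```

The script only reads the files; it changes nothing in the renewal configuration.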